Configure a Collector

Configure a Source

To collect logs from IIS, use an Installed Collector and a Local File Source. You may also configure a Remote File Source, but the configuration is more complex. Sumo Logic recommends using a Local File Source if possible.

Collection start time. Choose how far back you would like to begin collecting historical logs. For example, choose 7 days ago to being collecting logs with a last modified date within the last seven days.

Source Host. Sumo Logic uses the hostname assigned by the operating system by default, but you can enter a different host name.

Source Category (Required). For example, "IIS_prod". (The Source Category metadata field is a fundamental building block to organize and label Sources. For details see Best Practices.)

Configure the Advanced section:

Timestamp Parsing Settings: Make sure the setting matches the timezone on the log files.

Time Zone: Select the option to Use time zone from log file. If none is present use: and set the timezone to UTC.

Timestamp Format: Select the option to Automatically detect the format.

Encoding. UTF-8 is the default, but you can choose another encoding format from the menu if your IIS logs are encoded differently.

Enable Multiline Processing. Disable the option to Detect messages spanning multiple lines. Because IIS logs are single line log files, disabling this option will improve performance of the collection and ensure that your messages are submitted correctly to Sumo Logic.

Click Save.

After a few minutes, your new Source should be propagated down to the Collector and will begin submitting your IIS log files to the Sumo Logic service.

Recommended articles

Sumo Logic is the industry’s leading secure, cloud-native, machine data analytics service, delivering real-time, continuous intelligence across the entire application lifecycle and stack. More than 1,000 customers around the globe rely on Sumo Logic for the analytics and insights to build, run and secure their modern applications and cloud infrastructures.